GDPR + EU AI Act governance software

Privacy and AI governance that keeps up with your business.

Acompli gives DPOs, privacy leaders and compliance teams one evidence-led system for RoPA, DPIAs, data mapping, third-party risk and EU AI Act readiness. AI drafts, flags and classifies; your team approves every record.

Book a walkthrough View the platform

Built in Ireland for teams accountable to the DPC and ICO. Human-reviewed AI, audit-ready records, evidence trails and exports.

Acompli RoPA Register dashboard with processing records and status overview

Templates and workflows aligned to

GDPR

EU AI Act

PECR

Platform overview

One foundation.
Every module feeds the next.

Import your organisational knowledge once, then use it across assessments, RoPA, risk, third-party oversight, data mapping, DSAR, Code Scan and AI governance. Every approved answer improves the next piece of work.

One knowledge baseHuman-reviewed outputsOne audit trail

00 · FoundationOperational in days

Onboarding

Your Foundation

Import DPIAs, RoPA spreadsheets, supplier lists, system inventories, policies and documents into one governed compliance foundation.

01 / Assess

Assessments

GDPR & EU AI Act

Run DPIAs, LIAs, TIAs, processor reviews and AI Act assessments with templates, AI support and human approval.

Human-approved

02 / Detect

Risk

Privacy Risk

Extract candidate risks from approved evidence, assign treatment plans and report on current exposure.

Evidence-linked

03 / Record

RoPA

Article 30 Governance

Maintain Article 30 records linked to approved assessments, systems, suppliers and transfers.

Review-controlled

04 / Vendor

Third-Party

Processor & Transfer Risk

Record suppliers and processors once, then reference them across assessments, RoPA, risk and data mapping.

Reusable records

05 / Map

Data Mapping

Organisational Registry

Build a living view of systems, suppliers, locations, data categories and transfers.

Living map

Point tools create records. Acompli connects them.

One platformOne knowledge baseEvery module feeds the next

Specialist tools

Different jobs from the core platform — so they’re priced on their own, never bundled into everyone’s licence.

Standalone product

DSAR

Manage requests from intake to archive with deadlines, identity checks, redaction and audit history.

Explore DSAR

Add-on

Code Scan

Turn live codebases into reviewable privacy and AI-governance evidence. Add it to any platform plan.

Explore Code Scan

The workflow

Seven stages from knowledge to compliance

Each stage builds on the last. Each completed assessment makes the next one better. This is the intelligent data lifecycle.

Choose your assessment

Every workflow begins by selecting or building an assessment template. The AI template builder auto-tags every RoPA-affiliated field. Article 30 mapping happens before a single answer is written.

Start from a pre-built workflow or describe the processing activity in plain language and let the builder generate a tailored questionnaire. Either way, legal basis, data categories, recipients and retention periods are mapped from the outset, so the eventual RoPA record drafts itself for review.

Assessment Library

DPIAs, LIAs, TIAs, vendor due diligence and other workflows, pre-built and ready to run.

AI Template Builder

Describe the processing activity and Acompli generates a tailored assessment with RoPA fields pre-tagged.

RoPA Auto-tagging

Article 30 fields are identified and mapped at template level with no manual setup.

Connect your organisation's knowledge

Before a single answer is generated, Acompli learns your world. Three knowledge bases feed every assessment, each a distinct, grounded source of truth.

Three knowledge bases feed every assessment: project-level documents, the organisational registry, and the assessor's own contextual input. Each is searchable, grounded, and kept current.

Knowledge

Project DocumentsContracts, DPAs, retention schedules, and supporting files parsed and indexed.

Org RegistrySystems, processors, locations, data categories, and contracts.

Assessment ContextWhat the assessor describes about the processing activity itself.

Three agents assemble the evidence

Three specialist agents search your data in parallel and compile a structured intelligence brief. All three are read-only by design.

KB Intelligence

Searches the registry of systems, processors, and locations to build a relevance map for each question.

Read-only · KB, entities, regulatory docs

Document Analyst

Searches project docs and images including contracts, DPAs, architecture diagrams, and consent records.

Read-only · Documents, images

Archive Researcher

Searches past assessments and DPO-approved precedents for historical context.

Read-only · Archive, precedents

Compiled →Structured intelligence brief staged to the project document library

AI writes with your evidence in front of it

The model runs with full context: registry, project documents including the intelligence brief, and approved precedents. Every answer is grounded in your data and then verified.

DPIA — Employee Monitoring System

Processing purpose & lawful basisGrounded

Data categories & retention periodsGrounded

Necessity & proportionalityReview

Transfer impact assessmentPrecedent

Rights & freedoms risk analysisGrounded

Risk mitigation measures3 Flagged

Advisory co-pilotExplains what “good” looks like for every question

Polishes wording on demand, in bulk or per question

Every claim checked against your records

Post-generation verification. Each claim is checked against two layers of your own data. Ungrounded claims are flagged rather than silently passed through.

Layer 1 — Entity Registry

Named systems, vendors, and locations are verified against your registry. Unregistered entities are flagged.

Layer 2 — Uploaded Documents

Retention, safeguards, and legal mechanisms are searched and matched back to document sections.

Sensitive Claim Scrutiny

Article 6, Article 9, international transfers, and data subject rights get mandatory additional review.

Sensitive claims such as legal basis, special category processing, international transfers, and data subject rights receive additional scrutiny regardless of their general grounding score.

Review priority queue

FlaggedHighMediumLow

Risks extracted. RoPA drafted. Automatically.

Upon DPO approval, four processes execute simultaneously. Every output carries full provenance so a RoPA record can be traced back to source evidence in one click.

Risk Register

Risks extracted with provenance

Each risk carries severity, category, source assessment, and a link to the original question and answer.

RoPA Records

Article 30 fields auto-populated

Legal basis, data categories, recipients, and retention are populated from responses.

Assessment archived and searchable

AI-generated summary, structured tags, and risk levels are embedded and indexed.

Precedents

Best answers become standards

High-quality answers surface as candidates and the DPO curates which become authoritative.

Every assessment makes the next one better

The programme improves continuously through the compliance work your organisation is already conducting. Context survives people changes. Institutional knowledge compounds.

Compound

Registry

From workflow to Evidence Pack

Every core workflow leaves behind a reviewable record: the source evidence, generated draft, reviewer judgement, linked risks, affected records and audit history behind the decision.

Source evidence

Uploaded policies, assessment answers, system records, supplier details and repository findings stay linked to the output they support.

Reviewer judgement

Drafts, extracted fields and suggested risks are routed through human review, with approvals and changes preserved as part of the record.

Audit history

The pack shows what changed, who reviewed it, which risks or records were affected, and how the approved output was exported.

Who uses Acompli

Built for DPOs, legal counsel, compliance managers, and security leads

Data Protection Officers

One place for every assessment, risk, RoPA entry, processor relationship and compliance decision your organisation has made. No chasing contributors or reconciling document versions to locate evidence of due diligence. Audit-ready is the default state, not the product of an emergency effort.

Privacy and Legal Counsel

Review AI-drafted assessments backed by source evidence and audit trails. Every response is traceable. Every AI suggestion is versioned and either accepted or rejected by a named human. Professional judgement applied to a structured, complete record — not exercised against an incomplete record.

Compliance Managers

Structured workflows with defined owners, due dates, and escalation paths. Assessments move through review stages with full history attached. Contributors are prompted by email. Contributors are not required to log into a separate portal to fulfil their responsibilities.

CISOs and Technical Leads

Risk register connected to DPIAs. Treatment plans with named owners, costs, and measurable outcomes. GRC export to enterprise platforms. API key management for system integrations. The compliance programme and the security programme speak the same language.

Why Acompli

Privacy governance with product depth and review discipline.

Acompli combines the software surface privacy teams expect with the evidence trail, human approval and AI governance controls they need when the work is challenged.

01One governed record

Stop rebuilding evidence for every audit.

Assessments, risks, RoPA entries, suppliers, data maps and AI classifications stay linked to the source facts and reviewer decisions behind them.

02Human judgement

AI helps the work move faster without taking control.

Acompli drafts, flags and classifies. Named people approve the record, with accepted and rejected changes preserved in the audit trail.

03Operational clarity

Give privacy leaders a live view of work in progress.

Teams can see what is waiting for input, what is ready for review, which risks changed and which records are ready to export.

04Ireland and UK fit

Built for teams accountable to the DPC and ICO.

The platform keeps GDPR, UK GDPR, PECR and EU AI Act work close together instead of splitting privacy governance across point tools.

Regulatory signals this month

Recent changes privacy teams should have on their radar

Acompli tracks regulatory movement so governance work keeps pace with what supervisory authorities, legislators and security teams are asking for now.

25 Jun 2026 · International Transfers

Irish High Court Upholds TikTok's €530 Million Fine Over Transfers to China

The Irish High Court has upheld the Data Protection Commission's €530 million fine against TikTok over the transfer of EEA user data to China and related transparency failures, confirming one of the largest GDPR penalties on record while allowing a narrow appeal on the size of the fine to proceed.

Read update →25 Jun 2026 · Cybersecurity

Novo Nordisk Breach Exposes Clinical Trial and Healthcare Professional Data

Novo Nordisk has disclosed a security incident in which attackers copied personal data from internal systems, including pseudonymised clinical trial data covering biomarkers and lifestyle factors, and directly identifying information about healthcare professionals - a breach that illustrates the layered sensitivity of health-sector data.

Read update →25 Jun 2026 · Cybersecurity

Klue Supply-Chain Attack Exposes Salesforce Data Through Stolen OAuth Tokens

A compromise of market intelligence platform Klue allowed attackers to steal OAuth tokens connecting customer Salesforce environments, exposing business data across numerous organisations including Tanium, Gong, Huntress, and LastPass - a textbook SaaS supply-chain attack built on a forgotten legacy credential.

Read update →

Read all updates

EU AI Act surface

AI System Register, FRIA Article 27, and 30 Member-State conformity templates, available on opt-in. Code Scan AI Governance mode is live today.

See the AI Act surface →Research

GDPR RoPA Requirements in Ireland and the UK

A detailed comparison of Article 30 requirements under EU GDPR and UK GDPR, with best practices for maintaining living records.

Read the guide →Research

EU AI Act Ireland: 2026 timeline and Article 50 guide

A maintained reference for AI Act dates, transparency obligations, Irish implementation, and governance work linked to GDPR records.

Read the guide →Resource

GDPR Fine Calculator

Estimate statutory maximum fine exposure under Article 83 for DPC and ICO jurisdictions, with scenario-based risk assessment.

Open calculator →

Homepage FAQ

Acompli questions answered

What is Acompli?

Acompli is a privacy and AI governance platform for GDPR and EU AI Act compliance. It helps teams manage RoPA, DPIAs, privacy assessments, data mapping, third-party risk, DSARs, AI system registers and audit-ready evidence.

Who is Acompli built for?

Acompli is built for DPOs, privacy leaders, legal teams, compliance teams and security or engineering teams that need defensible privacy records and evidence-led workflows.

Does Acompli use AI?

Yes. Acompli uses AI to draft, classify, surface and suggest. A human approves the final record, classification or evidence update.

Is DSAR part of the core platform?

DSAR Management is available as a standalone product for intake, identity verification, redaction, SLA tracking and auditable delivery.

What are Acompli's core platform modules?

Acompli's core platform modules are Assessments, Risk, RoPA, Third-Party Risk and Data Mapping. EU AI Act, Code Scan, DSAR and Assistants extend or support those workflows.

Does Acompli train AI models on customer data?

No. Acompli does not use customer content to train its own general-purpose models and does not sell personal data. Access and review activity are controlled and logged.

Grounded in primary sources: GDPR (Regulation (EU) 2016/679), EU AI Act (Regulation (EU) 2024/1689), the Data Protection Commission and the ICO.

Get started

Start with one assessment. Build the whole record.

See how Acompli turns your organisational knowledge into structured assessments, reviewed records, risk entries and audit-ready evidence.

Book a walkthrough →See a sample Evidence Pack